Analysis
-
max time kernel
168s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
07/11/2023, 14:14
General
-
Target
NEAS.a67a6e536a98be07bc6ddb051f1e1895.exe
-
Size
488KB
-
MD5
a67a6e536a98be07bc6ddb051f1e1895
-
SHA1
e70cd1f98da60ca8b1db26b2f37e59618a6d5cb2
-
SHA256
01782a50861e5c3f4a095643f3d98d3d12e2404a5b4591d3b182c867b38c59ee
-
SHA512
2c7d367100ed5e26c92a7b33148f9308535d5a3985d49c67a3d918ce633156ef90db6bd4c03e50189e60e4be4de849fcca6534dd5f60144b93741fd2d9abb061
-
SSDEEP
6144:zW7LjEBVaqpvZpon/TNId/1fon/T9P7GSon/TNId/1fon/T2oI0YokOsfY7Uon2J:YjEBVaKvsNIVyeNIVy2oIvPKiKO
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a67a6e536a98be07bc6ddb051f1e1895.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.a67a6e536a98be07bc6ddb051f1e1895.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgqlcg32.exeC:\Windows\system32\Cgqlcg32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpkmal32.exeC:\Windows\system32\Dpkmal32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ddifgk32.exeC:\Windows\system32\Ddifgk32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgjoif32.exeC:\Windows\system32\Dgjoif32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Doccpcja.exeC:\Windows\system32\Doccpcja.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eoepebho.exeC:\Windows\system32\Eoepebho.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eklajcmc.exeC:\Windows\system32\Eklajcmc.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ekonpckp.exeC:\Windows\system32\Ekonpckp.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eomffaag.exeC:\Windows\system32\Eomffaag.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ekcgkb32.exeC:\Windows\system32\Ekcgkb32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Figgdg32.exeC:\Windows\system32\Figgdg32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fqeioiam.exeC:\Windows\system32\Fqeioiam.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fbdehlip.exeC:\Windows\system32\Fbdehlip.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fganqbgg.exeC:\Windows\system32\Fganqbgg.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gokbgpeg.exeC:\Windows\system32\Gokbgpeg.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gkaclqkk.exeC:\Windows\system32\Gkaclqkk.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Giecfejd.exeC:\Windows\system32\Giecfejd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glfmgp32.exeC:\Windows\system32\Glfmgp32.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gbpedjnb.exeC:\Windows\system32\Gbpedjnb.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gngeik32.exeC:\Windows\system32\Gngeik32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eaceghcg.exeC:\Windows\system32\Eaceghcg.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jelonkph.exeC:\Windows\system32\Jelonkph.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mebkge32.exeC:\Windows\system32\Mebkge32.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nchhfild.exeC:\Windows\system32\Nchhfild.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdlhgpag.exeC:\Windows\system32\Cdlhgpag.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdnelpod.exeC:\Windows\system32\Cdnelpod.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clijablo.exeC:\Windows\system32\Clijablo.exe28⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Dmifkecb.exeC:\Windows\system32\Dmifkecb.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dipgpf32.exeC:\Windows\system32\Dipgpf32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmbiackg.exeC:\Windows\system32\Dmbiackg.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Ecoaijio.exeC:\Windows\system32\Ecoaijio.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Epcbbohh.exeC:\Windows\system32\Epcbbohh.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eepkkefp.exeC:\Windows\system32\Eepkkefp.exe3⤵
- Executes dropped EXE
- Modifies registry class
-
-
-
C:\Windows\SysWOW64\Epeohn32.exeC:\Windows\system32\Epeohn32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Egpgehnb.exeC:\Windows\system32\Egpgehnb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Emioab32.exeC:\Windows\system32\Emioab32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ephlnn32.exeC:\Windows\system32\Ephlnn32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Egbdjhlp.exeC:\Windows\system32\Egbdjhlp.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eegqldqg.exeC:\Windows\system32\Eegqldqg.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdhail32.exeC:\Windows\system32\Fdhail32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fneoma32.exeC:\Windows\system32\Fneoma32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fpckjlje.exeC:\Windows\system32\Fpckjlje.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fcddkggf.exeC:\Windows\system32\Fcddkggf.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjnlha32.exeC:\Windows\system32\Gjnlha32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gcgqag32.exeC:\Windows\system32\Gcgqag32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjemle32.exeC:\Windows\system32\Jjemle32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdnkhn32.exeC:\Windows\system32\Bdnkhn32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cqghcn32.exeC:\Windows\system32\Cqghcn32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgaqphgl.exeC:\Windows\system32\Cgaqphgl.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cegnol32.exeC:\Windows\system32\Cegnol32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckcbaf32.exeC:\Windows\system32\Ckcbaf32.exe16⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cgjcfgoa.exeC:\Windows\system32\Cgjcfgoa.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbphcpog.exeC:\Windows\system32\Dbphcpog.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dlhlleeh.exeC:\Windows\system32\Dlhlleeh.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Deqqek32.exeC:\Windows\system32\Deqqek32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djmima32.exeC:\Windows\system32\Djmima32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbdano32.exeC:\Windows\system32\Dbdano32.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dioiki32.exeC:\Windows\system32\Dioiki32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Djpfbahm.exeC:\Windows\system32\Djpfbahm.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Diafqi32.exeC:\Windows\system32\Diafqi32.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dhfcae32.exeC:\Windows\system32\Dhfcae32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eejcki32.exeC:\Windows\system32\Eejcki32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehhpge32.exeC:\Windows\system32\Ehhpge32.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Enbhdojn.exeC:\Windows\system32\Enbhdojn.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ejiiippb.exeC:\Windows\system32\Ejiiippb.exe30⤵
-
C:\Windows\SysWOW64\Ejkenpnp.exeC:\Windows\system32\Ejkenpnp.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eaenkj32.exeC:\Windows\system32\Eaenkj32.exe32⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejnbdp32.exeC:\Windows\system32\Ejnbdp32.exe33⤵
-
C:\Windows\SysWOW64\Eahjqicj.exeC:\Windows\system32\Eahjqicj.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fhbbmc32.exeC:\Windows\system32\Fhbbmc32.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Folkjnbc.exeC:\Windows\system32\Folkjnbc.exe36⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fiaogfai.exeC:\Windows\system32\Fiaogfai.exe37⤵
-
C:\Windows\SysWOW64\Ficlmf32.exeC:\Windows\system32\Ficlmf32.exe38⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbcffk32.exeC:\Windows\system32\Gbcffk32.exe39⤵
-
C:\Windows\SysWOW64\Geabbfoc.exeC:\Windows\system32\Geabbfoc.exe40⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gahcgg32.exeC:\Windows\system32\Gahcgg32.exe41⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gkeakl32.exeC:\Windows\system32\Gkeakl32.exe42⤵
-
C:\Windows\SysWOW64\Hcofbifb.exeC:\Windows\system32\Hcofbifb.exe43⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hiinoc32.exeC:\Windows\system32\Hiinoc32.exe44⤵
-
C:\Windows\SysWOW64\Hlgjko32.exeC:\Windows\system32\Hlgjko32.exe45⤵
-
C:\Windows\SysWOW64\Hohcmjic.exeC:\Windows\system32\Hohcmjic.exe46⤵
-
C:\Windows\SysWOW64\Hebkid32.exeC:\Windows\system32\Hebkid32.exe47⤵
-
C:\Windows\SysWOW64\Hahlnefd.exeC:\Windows\system32\Hahlnefd.exe48⤵
-
C:\Windows\SysWOW64\Hlnqln32.exeC:\Windows\system32\Hlnqln32.exe49⤵
-
C:\Windows\SysWOW64\Hakidd32.exeC:\Windows\system32\Hakidd32.exe50⤵
-
C:\Windows\SysWOW64\Icjengld.exeC:\Windows\system32\Icjengld.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ihgnfnjl.exeC:\Windows\system32\Ihgnfnjl.exe52⤵
-
C:\Windows\SysWOW64\Ioafchai.exeC:\Windows\system32\Ioafchai.exe53⤵
-
C:\Windows\SysWOW64\Ihjjln32.exeC:\Windows\system32\Ihjjln32.exe54⤵
-
C:\Windows\SysWOW64\Ifnkeb32.exeC:\Windows\system32\Ifnkeb32.exe55⤵
-
C:\Windows\SysWOW64\Ilgcblnp.exeC:\Windows\system32\Ilgcblnp.exe56⤵
-
C:\Windows\SysWOW64\Ijkdkq32.exeC:\Windows\system32\Ijkdkq32.exe57⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Icdhdfcj.exeC:\Windows\system32\Icdhdfcj.exe58⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jkomhhae.exeC:\Windows\system32\Jkomhhae.exe59⤵
-
C:\Windows\SysWOW64\Jfdafa32.exeC:\Windows\system32\Jfdafa32.exe60⤵
-
C:\Windows\SysWOW64\Jkajnh32.exeC:\Windows\system32\Jkajnh32.exe61⤵
-
C:\Windows\SysWOW64\Jhejgl32.exeC:\Windows\system32\Jhejgl32.exe62⤵
-
C:\Windows\SysWOW64\Jcknee32.exeC:\Windows\system32\Jcknee32.exe63⤵
-
C:\Windows\SysWOW64\Joaojf32.exeC:\Windows\system32\Joaojf32.exe64⤵
-
C:\Windows\SysWOW64\Jjgcgo32.exeC:\Windows\system32\Jjgcgo32.exe65⤵
-
C:\Windows\SysWOW64\Jodlof32.exeC:\Windows\system32\Jodlof32.exe66⤵
-
C:\Windows\SysWOW64\Kkkldg32.exeC:\Windows\system32\Kkkldg32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kmjinjnj.exeC:\Windows\system32\Kmjinjnj.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kcikfcab.exeC:\Windows\system32\Kcikfcab.exe69⤵
-
C:\Windows\SysWOW64\Kmaooihb.exeC:\Windows\system32\Kmaooihb.exe70⤵
-
C:\Windows\SysWOW64\Lbnggpfj.exeC:\Windows\system32\Lbnggpfj.exe71⤵
-
C:\Windows\SysWOW64\Lobhqdec.exeC:\Windows\system32\Lobhqdec.exe72⤵
-
C:\Windows\SysWOW64\Lijlii32.exeC:\Windows\system32\Lijlii32.exe73⤵
-
C:\Windows\SysWOW64\Limioiia.exeC:\Windows\system32\Limioiia.exe74⤵
-
C:\Windows\SysWOW64\Lcbmlbig.exeC:\Windows\system32\Lcbmlbig.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Lmkbeg32.exeC:\Windows\system32\Lmkbeg32.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lpinac32.exeC:\Windows\system32\Lpinac32.exe77⤵
-
C:\Windows\SysWOW64\Llpofd32.exeC:\Windows\system32\Llpofd32.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Midoph32.exeC:\Windows\system32\Midoph32.exe79⤵
-
C:\Windows\SysWOW64\Mcicma32.exeC:\Windows\system32\Mcicma32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mfhpilbc.exeC:\Windows\system32\Mfhpilbc.exe81⤵
-
C:\Windows\SysWOW64\Mmahff32.exeC:\Windows\system32\Mmahff32.exe82⤵
-
C:\Windows\SysWOW64\Mclpbqal.exeC:\Windows\system32\Mclpbqal.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mihikgod.exeC:\Windows\system32\Mihikgod.exe84⤵
-
C:\Windows\SysWOW64\Mlgegcng.exeC:\Windows\system32\Mlgegcng.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mbamcm32.exeC:\Windows\system32\Mbamcm32.exe86⤵
-
C:\Windows\SysWOW64\Mmfaafej.exeC:\Windows\system32\Mmfaafej.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mcpjnp32.exeC:\Windows\system32\Mcpjnp32.exe88⤵
-
C:\Windows\SysWOW64\Mimbfg32.exeC:\Windows\system32\Mimbfg32.exe89⤵
-
C:\Windows\SysWOW64\Nbefolao.exeC:\Windows\system32\Nbefolao.exe90⤵
-
C:\Windows\SysWOW64\Njokei32.exeC:\Windows\system32\Njokei32.exe91⤵
-
C:\Windows\SysWOW64\Nlphmafm.exeC:\Windows\system32\Nlphmafm.exe92⤵
-
C:\Windows\SysWOW64\Nffljjfc.exeC:\Windows\system32\Nffljjfc.exe93⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nmpdgdmp.exeC:\Windows\system32\Nmpdgdmp.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Njceqili.exeC:\Windows\system32\Njceqili.exe95⤵
-
C:\Windows\SysWOW64\Ndliin32.exeC:\Windows\system32\Ndliin32.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Omdnbd32.exeC:\Windows\system32\Omdnbd32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Opcjno32.exeC:\Windows\system32\Opcjno32.exe98⤵
-
C:\Windows\SysWOW64\Ojkkah32.exeC:\Windows\system32\Ojkkah32.exe99⤵
-
C:\Windows\SysWOW64\Odcojm32.exeC:\Windows\system32\Odcojm32.exe100⤵
-
C:\Windows\SysWOW64\Ofalfi32.exeC:\Windows\system32\Ofalfi32.exe101⤵
-
C:\Windows\SysWOW64\Olndnp32.exeC:\Windows\system32\Olndnp32.exe102⤵
-
C:\Windows\SysWOW64\Ofdhlh32.exeC:\Windows\system32\Ofdhlh32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Omnqhbap.exeC:\Windows\system32\Omnqhbap.exe104⤵
-
C:\Windows\SysWOW64\Oplmdnpc.exeC:\Windows\system32\Oplmdnpc.exe105⤵
-
C:\Windows\SysWOW64\Okaabg32.exeC:\Windows\system32\Okaabg32.exe106⤵
-
C:\Windows\SysWOW64\Ppoijn32.exeC:\Windows\system32\Ppoijn32.exe107⤵
-
C:\Windows\SysWOW64\Pkdngf32.exeC:\Windows\system32\Pkdngf32.exe108⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Plejoode.exeC:\Windows\system32\Plejoode.exe109⤵
-
C:\Windows\SysWOW64\Pkfjmfld.exeC:\Windows\system32\Pkfjmfld.exe110⤵
-
C:\Windows\SysWOW64\Pkigbfja.exeC:\Windows\system32\Pkigbfja.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ppepkmhi.exeC:\Windows\system32\Ppepkmhi.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pcdlghgl.exeC:\Windows\system32\Pcdlghgl.exe113⤵
-
C:\Windows\SysWOW64\Pphlpl32.exeC:\Windows\system32\Pphlpl32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qdfefkll.exeC:\Windows\system32\Qdfefkll.exe115⤵
-
C:\Windows\SysWOW64\Qlajkm32.exeC:\Windows\system32\Qlajkm32.exe116⤵
-
C:\Windows\SysWOW64\Aiejda32.exeC:\Windows\system32\Aiejda32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Agikne32.exeC:\Windows\system32\Agikne32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Admkgifd.exeC:\Windows\system32\Admkgifd.exe119⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Acbhhf32.exeC:\Windows\system32\Acbhhf32.exe120⤵
-
C:\Windows\SysWOW64\Angleokb.exeC:\Windows\system32\Angleokb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-